This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[dns-wg] Fwd: [enum-wg] Tier-2 provisioning: NS vs CNAME/DNAME
- Previous message (by thread): [dns-wg] Fwd: [enum-wg] Tier-2 provisioning: NS vs CNAME/DNAME
- Next message (by thread): [dns-wg] Fwd: [enum-wg] Tier-2 provisioning: NS vs CNAME/DNAME
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Jim Reid
jim at rfc1035.com
Thu Jul 15 15:25:27 CEST 2004
>>>>> "Niall" == Niall O'Reilly <Niall.oReilly at ucd.ie> writes: >> You lose the granularity of control and the flexibility to let >> customers manage their delegations. I'm presuming you plan to >> have all your numbers CNAME'd into a single zone file rather >> than discrete zone files for each zone. Niall> I see it quite the other way around: you _gain_ Niall> flexibility. Is the glass half-empty or half-full? It depends on where you look from. Niall> The customer has a single point of administration for Niall> announcing the delegation and changes thereto. Once the Niall> CNAME has aged out from resolver caches, there is no trace Niall> left of obsolete data in the 'golden tree'. If the T2 Niall> provider which the customer has just deserted delays (or Niall> neglects) removing the relevant RRsets, so what ? With NS, Niall> on the other hand, you have to make sure that all the Niall> obsolete data on still authoritative servers is eliminated. Niall, I don't understand what you're saying. Perhaps you could explain your envisaged scheme with some examples: ie what's in zone files. You're now talking about T2 provider. From your earlier posting I'm confused if this is a registry, DNS provider, registrar (or some combination of these) and what RR/zone data they may hold and manipulate. So please, draw me an idiot-proof picture. The roles and interfaces you're outlining seem rather fuzzy. Niall> Are you saying that the opportunity for restrictive Niall> practices is significantly different according to which Niall> method you choose for implementing delegation ? YES! It's not just about how delegation gets implemented. The roles and responsibilities in that process matter too. This is why the UK ENUM Group factored out the DNS Provider as a distinct role in its overall ENUM architecture. [Read its 2002 report.] That meant DNS content and service wasn't necessarily under the control of a registrar, ISP or application service provider. This is a very important distinction IMO. We also envisaged a market for different levels of DNS service. Some might be happy with a no-guarantees free service, while others want something super-robust with 24x7 support, anycasting, DNSSEC and so on. Your CNAME scheme could make it harder to establish that market. Suppose my number is delegated from the T1 registry with a CNAME to some zone of yours. You have the trust relationship with the T1. I have a trust relationship with you. In this scenario, the T1 doesn't know or care about me. So they won't change the CNAME if I asked them to do this. That won't happen unless you tell them. And if we've had a falling out, you're not likely to make that hassle-free. Now suppose you're a telco and I'm a customer wanting to switch to another telco. Or I want to shift my mail URIs from the telco's mail server to say hotmail. Does this help clarify the context now? >> For something like a DDI block for an organisation, this >> shouldn't be an issue. But if it was for all numbers in the >> Dublin area code (say), there would be a problem. Niall> How is this different between the NS and CNAME Niall> implementations ? It's not about that. It's about what can be put in the zone and how that's done. If all the numbers in one block are "delegated" -- for some loose definition of that term -- to a single zone file, there will be less flexibility and granularity of control over the zone's contents. I have to use whatever tools you've provided and onlyaccess ENUM services you'll let me add to the zone for that number. This is tolerable for a number block under one authority where common rules and policy can be enforced -- say the DDI block for an employer. But for the general case, this isn't acceptable. The entity holding that zone file shouldn't be allowed to restrict what NAPTR records exist for my number. Or my neighbour's. For maximum flexibility and fine-grained granularity of control (plus making sure delegations carefully follow the national numbering plan), the T1 registry should delegate individual numbers to discrete zone files that are notionally controlled by the owner of that number. Introducing CNAMEs will add a layer of indirection. [A needless one IMO.] That could mean boundaries of responsibility get blurred and/or more complicated. Which could give an unscrupulous provider enough wiggle room for unsavoury practices.
- Previous message (by thread): [dns-wg] Fwd: [enum-wg] Tier-2 provisioning: NS vs CNAME/DNAME
- Next message (by thread): [dns-wg] Fwd: [enum-wg] Tier-2 provisioning: NS vs CNAME/DNAME
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]